1, DATA MANAGEMENT PRACTICES
This website, elfin.hu, is hosted by Google through the Google Firebase Hosting service. The data is managed by Elfin Ltd., which is responsible for handling personal data received via the contact form on elfin.hu. After submitting the form, a program code running on Google's Firebase server forwards the data to info@elfin.hu and also records it as an entry in the Google Firebase Firestore database associated with the website's hosting.The elfin.hu website does not currently use cookies that require user consent. Based on the above, there is no need for a cookie acceptance popup on the website.
Contact Information:
Full Name: Elfin Ltd.
Email Address: info@elfin.hu
1137 Budapest, Szent István Park 6.
2, WHAT PERSONAL DATA DO WE PROCESS AND WHY?
Personal data is information that clearly enables the precise identification of an individual.https://elfin.hu processes the following personal data, with specific legal justifications:
COMMUNICATION DATA
This includes any messages sent to us via the website, email, social media messages, or any other form of communication. We process and store this data to fulfill orders and provide a basis for decision-making in case of legal claims. The legal basis for this processing is the user's legitimate interest in our activities, expressed through messages addressed to us.CUSTOMER DATA
This includes all information related to the purchase of products and services, such as the buyer's name, shipping and billing addresses, email address, phone number, and details of purchased products. We process this data to successfully complete orders and maintain legally compliant records of purchases. The legal basis for data storage is the fulfillment of the contract created by the purchase between the customer and Elfin Ltd.USER DATA
This includes data generated during website usage, allowing the website to function technically, maintain security, store user activity records, and provide the most relevant content. The legal basis for processing this data is the user's legitimate interest in our activities, which requires this storage for proper site functionality.TECHNICAL DATA
This includes information generated during website usage, such as IP addresses, login information, browser data, page visit duration, page views and navigation paths, number and time of visits, time zones, and device data used to access the site. The source of this data is our analytics software. We process this data to analyze user habits, maintain site security, and assess the effectiveness of marketing decisions. The legal basis for processing this data is the user's legitimate interest in our activities, allowing us to store and use this information for secure operation and business growth.MARKETING DATA
This includes visitor preferences regarding marketing content they wish to receive from us. We process this data to enable participation in sweepstakes and send advertisements related to products/services users have expressed interest in. The legal basis for processing this data is the user's legitimate interest in our activities, allowing us to store and use this data to ensure effective business operations. Occasionally, we may use collected data to provide targeted, relevant advertisements on the Facebook™ platform and other dynamic advertising surfaces, measuring the effectiveness of these ads. We do not collect sensitive data such as ethnicity, religious beliefs, sexual orientation, political views, trade union membership, health background, genetic, or biometric information.3, HOW DO WE COLLECT DATA?
Personal data may be collected directly when the user provides it (e.g., placing an order or sending a message). Some data may be collected automatically through website usage, such as via cookies and similar technologies. These only activate after user consent and are disclosed in our cookie policy if applicable. Elfin Ltd. is committed to protecting user data and complying with applicable regulations. A data protection impact assessment was conducted to create a list of collected data, their necessity, legal basis, and compliance with legal requirements. We use SSL certification across the entire website to protect form-submitted and site-generated data. Additionally, the service provider secures the functions transmitting form content, which operate within Google's Firebase protected environment. If necessary, we ensure compliance with GDPR requirements and, for U.S.-based partners, their participation in the EU-US Privacy Shield initiative. We also sign data processing agreements to ensure responsible data management.4, NOTE ON PERSONAL DATA
Occasionally, sharing personal data with certain partners is necessary to maintain normal business operations:- IT service providers and system maintenance specialists
- Expert partners such as lawyers, accountants, bankers, insurers
- Government agencies requesting reports on our activities
- Payment service providers securely handling banking data
- Courier services fulfilling orders to the provided shipping address
International Data Transfers:
Occasionally, we may need to share user data with partners outside the European Economic Area (EEA) for business operations. Since non-EEA countries often lack equivalent data protection levels, European laws prohibit data transfers unless certain conditions are met. When transferring personal data outside the EEA, we take the following steps in addition to those discussed in Section 4: - Transfer data only to countries deemed secure by the European Commission. - Use only U.S.-based services participating in the EU-US Privacy Shield program. - If these conditions are not met, we seek explicit user consent for data transfers, which can be withdrawn at any time.
5, DATA RETENTION PERIOD
User data is stored only as long as legally required for accounting, reporting, or service operation needs. When determining retention periods, we consider data quantity, nature, sensitivity, and potential impact in case of a data breach. For tax reasons, we must retain customer billing and purchase data for at least 8 years. In some cases, anonymized data may be used for statistical purposes without time limitations.6, USER RIGHTS
As an EU citizen, the General Data Protection Regulation (GDPR) grants users the following rights:a, Access to Personal Data
Users can request a copy of personal data stored by https://elfin.hu, free of charge, within 14 days. Excessive or unjustified requests may incur a fee and additional processing time. Identity verification is required before data release to prevent misuse. Requests can be sent to info@elfin.hub, Modifying Personal Data
If personal data changes or is incorrect, users may request modifications via kbela84@gmail.com.c, Requesting Data Deletion
Users have the right to request deletion of all personal data. Once deleted, user accounts and purchased content become inaccessible. Identity verification is required before deletion. Requests can be submitted via the contact form. For additional details, contact the National Authority for Data Protection and Freedom of Information (NAIH) in Hungary.d, Request to Restrict the Processing of Personal Data
Users have the right to request restrictions on the provision of their data to third parties (service partners). When submitting a request, users can specify which service partners they wish to restrict. It is important to note that cooperation with certain service providers is essential for the operation of the site (e.g., Barion as a payment provider). If these providers are restricted, the site's services will become unavailable to the user. Kiss Béla László requires proof of identity before restricting the transfer of personal data to prevent misuse. To request the restriction of personal data transfer, please use the contact form above.Nemzeti Adatvédelmi és Információszabadság Hatóság,
1125 Budapest, Szilágyi Erzsébet fasor 22/C.,
Levelezési cím: 1530 Budapest, Pf.: 5.,
Telefon: 06.1.391.1400,
Fax: 06.1.391.1410,
E-mail: ugyfelszolgalat@naih.hu
Honlap: http://www.naih.hu
